The authenticated boot process introduced by the Trusted Computing Group (TCG) uses binary measurements, i.e., hashes of executables, to give an indication of which software configuration runs on a given computing platform. As the binary measurements change with any software update, sealed data becomes unavailable, too. To solve this and other problems regarding binary measurements, the concept of property-based attestation has been introduced.In this paper we show how to realize both property-based attestation and property-based sealing using existing TCGenabled hard-and software. The main idea is that an enhanced boot loader translates between binary measurements and properties, allowing to attest properties of unmodified operating systems loaded. Moreover, applications running on top of this operating system can use existing mechanisms, e.g., an existing Trusted Software Stack (TSS) implementation, to seal data to properties instead of binary hash values.One cornerstone of our proposal is the ability to also revoke the translation of certain binary measurements into properties in case of identified security problems. Our proposal is ideally suited for enterprise environments having a centralized IT-management infrastructure and scales well with the number of participating clients.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.